Need trojan removal instruction

Discussion in 'malware problems & news' started by dreamcatcherco, Mar 22, 2004.

Thread Status:
Not open for further replies.
  1. dreamcatcherco

    dreamcatcherco Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    9
    Trend Micro's online scan ("Housecall") tells me I have 3 Trojans. Two are Troj Hooker24.B--one is located in C\windows\winup.exe & one in C\rundll32.exe. Aliases are Trojan.PSW.Hooker.24.B and PWS-gen.Hooker.exe. The other one is Troj Delf.CX. The file is C\windows\wdll.dll. My operating system is XP Pro. I need clear, basic, non-technical jargon, step-by-step instructions for removing them. Have tried many software removal programs with no success (AVG, Trojan Hunter, Spy Hunter, Ad-aware). I am unemployed, and need to do the labor myself (free) if at all possible. House Call says they are "not cleanable". I don't know what the implications of that are. What do I need to do to remove these irritating equines? Thanks for any help you can provide.
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Out of the apps you mentioned, only TH is a dedicated AT. AV's often cannot delete running processes. It's probably saying it cannot be cleaned because it is not an infected file but actual malware that must be deleted. But the process needs to be stopped in order to be deleted. Did you try a free trial version of TDS? Just be sure to update the signature definition files from the TDS website. I'd try that before attempting manual removal.

    The link here should provide you with a means to download TDS.
    http://www.wilders.org/anti_trojans.htm
     
  3. rodsoto

    rodsoto Registered Member

    Joined:
    Mar 18, 2004
    Posts:
    77
    Location:
    Australia
    Easiest way is to delete the detected files. However, you may come into problems if the files are running (which they most likely are). So I recommend downloading DiamondCS DelLater. It allows you to set which files to delete when Windows reboots. Use this program against the detected files, reboot the system, and then look for the files again; they would have been removed.

    http://www.diamondcs.com.au/index.php?page=dellater

    However, they may also be in the autostart registry/startup folders, so download DiamondCS Autostart Viewer, and remove the references to the detected files.

    http://www.diamondcs.com.au/index.php?page=asviewer
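An added example, not part of rodsoto's post or of any tool named in this thread: a sketch of the autostart check described above, matching Run-style entries against the detected files by full path rather than by file name, so the legitimate system32 rundll32.exe is not flagged alongside the copy reported at the drive root. The detected paths are taken from post 1 with the drive colon restored (an assumption), the sample entries are constructed, and the function names are hypothetical.

```python
import ntpath
import re

# Files named in the scan report in post 1, drive colon restored (assumption).
DETECTED = [r"C:\windows\winup.exe", r"C:\rundll32.exe", r"C:\windows\wdll.dll"]

# Constructed sample autostart entries (value name -> command line).
SAMPLE_RUN_ENTRIES = {
    "WinUpdate": r"C:\WINDOWS\winup.exe /s",
    "LoadDll": r'"C:\WINDOWS\system32\rundll32.exe" C:\windows\wdll.dll,Start',
    "FakeHost": r"c:\rundll32.exe",
    "NvCpl": r"C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    "Updater": r'"C:\Program Files\Example App\winup.exe" -tray',
}

def _norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def paths_in_command(command):
    """Extract candidate file paths from an autostart command line.

    Handles quoted paths and unquoted drive-letter paths; an unquoted
    path containing spaces is not recovered (limitation of this sketch).
    """
    found = re.findall(r'"([^"]+)"', command)
    unquoted = re.sub(r'"[^"]*"', " ", command)
    # Stop at whitespace or a comma so "file.dll,EntryPoint" yields the DLL path.
    found += re.findall(r'[A-Za-z]:\\[^\s,"]+', unquoted)
    return [_norm(p) for p in found]

def flag_entries(entries, detected=DETECTED):
    """Return {value name: [detected paths referenced]} for entries to review."""
    wanted = {_norm(p) for p in detected}
    hits = {}
    for name, command in entries.items():
        matched = sorted(p for p in paths_in_command(command) if p in wanted)
        if matched:
            hits[name] = matched
    return hits

if __name__ == "__main__":
    for name, paths in flag_entries(SAMPLE_RUN_ENTRIES).items():
        print(f"{name}: references {', '.join(paths)}")
```

The "LoadDll" entry shows why arguments matter: the program being started is the genuine rundll32.exe, and the detected DLL appears only as its argument.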

     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Trojans are rarely cleanable and normally the entire file that has been identified needs to be deleted

    Use TDS3 as recommended by others and if you have any problems then post a Hijackthis log as many trojans can be removed very simply

    Hjt just tells us exactly what and where they are

    Go to http://www.thespykiller.co.uk/files/HijackThis.exe and download 'Hijack This!'.
    Make sure it is placed into its own folder, not a temporary folder. Then double-click the Hijackthis.exe.
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  5. dreamcatcherco

    dreamcatcherco Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    9
    Oh, Wow! Thanks, everyone. I'm very impressed with you since I had previously posted on 2 other forums & had gotten no help (in one case still no response at all). Had also written to the pest removal software companies (purchased OR free software) that had failed to detect & remove my trojans. Still no response from any companies. I am an animal lover & would love to donate to your animal cause, Derek. However, because I am unemployed at present, I am not spending for anything extra (charity) beyond what I need since I need to be able to care for the 3 animals I own (and myself). I do think that rescue is very important since I am currently doing a lot of work with a dog rescue group screening applicants to rehome 2 of my mother's dogs.

    Now onto the computer stuff! While I was waiting to see if I'd get a helpful response from this forum, I read more on it & found the info. about the A2 AT. I downloaded it & it detected & removed the 2 Troj Hooker.24.B's!!!!! Nice program! Two down--one to go. I will download the trial TDS & see what happens with the last trojan. It makes a lot of sense, sig, that the scan was saying that these were "noncleanable" because it was looking for virally infected files to clean & these are malware files that just need to be removed--also they are running. It was pretty discouraging & alarming at first when I saw "noncleanable", so thanks for the reassurance. Wow, Rod, it's good to know about DelLater--I didn't. Even if TDS doesn't remove my remaining Trojan, I still will want some help with the Hijackthis log. I have it & it has 2 references to a file I downloaded without being aware that the program was tracking my surfing habits (e-scorcher). When I became aware I deleted it, but it's on the log. Also had a worse problem with StopSign which as I remember kept reinstalling itself. It's on the log also. And there is yet another program that I thought I deleted. What do I need to do with the log? I'll let you know if TDS gets Troj Delf.CX.
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    Hi dreamcatcherco,

    As far as what to do with your HJT log.....

    Go HERE and follow the instructions.

    Regards,
    Kent
     
  7. dreamcatcherco

    dreamcatcherco Registered Member

    Joined:
    Mar 22, 2004
    Posts:
    9
    Thanks Kent. I'll use your link.
    When I scanned with TDS3 got no detection of the Troj Delf.CX that "Housecall" found. But before I selected my scan I had something in the alarm section that I didn't know what to do with. It said RegVal Trace: worm.moodown.
    Name: hkey_local_machine.
    File: software\microsoft\windows\current version\run[ICQNet. . .
    Do I need to delete it or save to text?
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    dreamcatcherco,

    Please follow instructions provided by Kent.


    As for Delf.CX you might have a look over here in regard to description as well as removal instructions.


    Moodown is most probably Netsky.A@mm (disregard the @ - look upon it as a simple @). Killing it is the way to go - perform a new scan after doing so.

    regards.

    paul
     